The Shadow Brokers Take to the ZeroNet to Sell the Stolen NSA Exploits
Months ago, news broke about a group of hackers who called themselves The Shadow Brokers. They stole weaponized NSA cyberwarfare software from the Equation Group, a group that originally stole the software from the NSA. The Shadow Brokers made several attempts at selling the software but repeatedly failed. Motherboard reported that the group disappeared, for the most part.


That is, until now. Joseph Cox found a post on Medium that pointed straight towards a site where The Shadow Brokers were selling the NSA’s software. The site sits on the “ZeroNet,” a web platform that rides on the BitTorrent network and utilizes Bitcoin cryptography. On their ZeroNet site, The Shadow Brokers (TSB) listed the files and tools on what appeared to be a person-by-person basis. “YOU LIKE. YOU EMAIL. YOU BUY,” was written underneath the group’s ZeroNet name.


The group that initially hacked and stole the NSA software, according to Kaspersky Lab’s Global Research & Analysis Team, was “The Death Star of Malware Galaxy.” To security researchers, there is no doubt that something connects the Equation Group to the NSA. Some claimed that the Equation Group (EG) was the NSA. Some claimed EG was a group of Russian hackers. “Many infections have been observed on servers, often domain controllers, data warehouses, website hosting and other types of servers,” Kaspersky Lab’s researchers reported. “At the same time, the infections have a self-destruct mechanism, so we can assume there were probably tens of thousands of infections around the world throughout the history of the Equation group’s operations.”


Kaspersky Lab, Edward Snowden, and Claudio Guarnieri, one of the primary investigators of NSA malware, saw similarities between US intelligence and EG. One of the most important discoveries was that of the “Fanny worm.” The Fanny worm used two zero-day exploits before they were integrated into Stuxnet. The internet world almost unanimously agrees that the US and Israel created Stuxnet to end Iran’s nuclear program. Fact or fiction, that has no impact on Kaspersky Lab’s findings, which strongly indicate that the developers of Stuxnet and the developers of the Fanny worm worked in coordination.


The Shadow Brokers appeared to set up shop on the ZeroNet. As mentioned before, the ZeroNet utilizes BitTorrent and Bitcoin technology. “Your account is protected by same cryptography as your Bitcoin wallet,” the ZeroNet landing page explains. “You can easily hide your IP address using the Tor network.” Configuring ZeroNet to work in conjunction with Tor is explained in the FAQ and, at least on Windows, Tor is bundled with ZeroNet.

On TheShadowBrokers.bit, “Message #6” explains:

TheShadowBrokers is trying auction. Peoples no like. TheShadowBrokers is seeking to crowdfund. Peoples is no liking. Now TheShadowBrokers is trying direct sales. Be checking out ListOfWarez. If you like, you email TheShadowBrokers with the name of Warez you want to make a purchase. TheShadowBrokers is emailing you back bitcoin address. You make payment. TheShadowBrokers emailing you link + decryption password. Files as always being signed.

They have currently posted 60 listings; the screenshot for each listing is available in a .zip file. The prices start at a single bitcoin for “tools” but quickly increase in price. The entire “auction” is available for the mediocre sum of 1,000 BTC.

auction_file everything 1,000.0
bs unknown 10.0
catflap unknown 10.0
charms implant 100.0
common unknown 10.0
curses implant 100.0

The screenshot for charms:


The screenshot for dampcloud:


Cox reached out to The Shadow Group for comment but received no response. The NSA, apparently, ignored his questions as well.


  1. Ok, well I assume “implants” are to be they have “hacked” into different people and the “I have an FBI Chip” crowd is probably telling the truth.

    So, they have curses implants and charm implants that is interesting to know who decides who gets which. I wonder how long till there will no longer be anymore “curse”.

    Could those implants OS listings just be which form factor has that particular physical implant control board?

  2. If you are “pro” government agenda or control you get the charm implant, to further the ideal government form. And others will think you have “Charisma,” as in Obama becoming President of U.S.A. due to his “Charms”.

    Others who are “anti” government for various reasons are to be “cursed” implants “probably” in conjunction with Podestas’ spirit cooking rituals.

  3. Now, more specifically those who favor the “Israeli Regime” and settlement building and eradication of Muslims from the middle east region would be considered “Charmed” individuals and those that are anti-Israel regime government are considered “cursed”.

    Pretty much exactly the same playbook of the Roman Catholic Church during the “Dark Ages”.

    There are likely many, many different layers of manipulations involved with these technologies.

    The Central point seems to be manipulating the Brains of humans to follow an “Implanted” image generated by the “Regime Forces”.

